kqlquery.com posted a good article covering hunting through Graph APIs, Azure Monitor APIs, and Defender ATP APIs. They break down what is possible as well as expected limitations. For those interesting in threat hunting across these resources, this post can save you a ton of time via research. That post can be found HERE.